A cybersecurity analyst has identified a new mission-essential function that utilizes a public cloud-based system. The analyst needs to classify the information processed by the system with respect to CIA. Which of the following should provide the CIA classification for the information?

A.

The cloud provider

B.

The data owner

C.

The cybersecurity analyst

D.

The system administrator

Correct Answer:B

QUESTION 92

Following a data compromise, a cybersecurity analyst noticed the following executed query:

SELECT * from Users WHERE name = rick OR 1=1

Which of the following attacks occurred, and which of the following technical security controls would BEST reduce the risk of future impact from this attack? (Select TWO).

A.

Cookie encryption

B.

XSS attack

C.

Parameter validation

D.

Character blacklist

E.

Malicious code execution

F.

SQL injection

Correct Answer:CF

Explanation:

https://lwn.net/Articles/177037/

QUESTION 93

A security analyst has determined that the user interface on an embedded device is vulnerable to common SQL injections. The device is unable to be replaced, and the software cannot be upgraded. Which of the following should the security analyst recommend to add additional security to this device?

A.

The security analyst should recommend this device be place behind a WAF.

B.

The security analyst should recommend an IDS be placed on the network segment.

C.

The security analyst should recommend this device regularly export the web logs to a SIEM system.

D.

The security analyst should recommend this device be included in regular vulnerability scans.

Correct Answer:A

QUESTION 94

A security analyst has been asked to remediate a server vulnerability. Once the analyst has located a patch for the vulnerability, which of the following should happen NEXT?

A.

Start the change control process.

B.

Rescan to ensure the vulnerability still exists.

C.

Implement continuous monitoring.

D.

Begin the incident response process.

Correct Answer:A

QUESTION 95

Which of the following are essential components within the rules of engagement for a penetration test? (Select TWO).

A.

Schedule

B.

Authorization

C.

List of system administrators

D.

Payment terms

E.

Business justification

Correct Answer:AB

QUESTION 96

An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?

A.

Configure a script to automatically update the scanning tool.

B.

Manually validate that the existing update is being performed.

C.

Test vulnerability remediation in a sandbox before deploying.

D.

Configure vulnerability scans to run in credentialed mode.

Correct Answer:A

QUESTION 97

An organization wants to remediate vulnerabilities associated with its web servers. An initial vulnerability scan has been performed, and analysts are reviewing the results. Before starting any remediation, the analysts want to remove false positives to avoid spending time on issues that are not actual vulnerabilities. Which of the following would be an indicator of a likely false positive?

A.

Reports show the scanner compliance plug-in is out-of-date.

B.

Any items labeled `low’ are considered informational only.

C.

The scan result version is different from the automated asset inventory.

D.

`HTTPS’ entries indicate the web page is encrypted securely.

Correct Answer:B

QUESTION 98

A threat intelligence analyst who works for a financial services firm received this report:

“There has been an effective waterhole campaign residing at www.bankfinancecompsoftware.com. This domain is delivering ransomware. This ransomware variant has been called “LockMaster” by researchers due to its ability to overwrite the MBR, but this term is not a malware signature. Please execute a defensive operation regarding this attack vector.”

The analyst ran a query and has assessed that this traffic has been seen on the network. Which of the following actions should the analyst do NEXT? (Select TWO).

A.

Advise the firewall engineer to implement a block on the domain

B.

Visit the domain and begin a threat assessment

C.

Produce a threat intelligence message to be disseminated to the company

D.

Advise the security architects to enable full-disk encryption to protect the MBR

E.

Advise the security analysts to add an alert in the SIEM on the string “LockMaster”

F.

Format the MBR as a precaution

Correct Answer:BD

QUESTION 99

An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?

A.

Conduct a risk assessment.

B.

Develop a data retention policy.

C.

Execute vulnerability scanning.

D.

Identify assets.

Correct Answer:D

QUESTION 100

A security analyst wants to scan the network for active hosts. Which of the following host characteristics help to differentiate between a virtual and physical host?